GLSA-200908-05 : Subversion: Remote execution of arbitrary code
High Nessus Plugin ID 40630
Synopsis
The remote Gentoo host is missing one or more security-related patches.
Description
The remote host is affected by the vulnerability described in GLSA-200908-05 (Subversion: Remote execution of arbitrary code)
Matt Lewis of Google reported multiple integer overflows in the libsvn_delta library, possibly leading to heap-based buffer overflows.
A remote attacker with commit access could exploit this vulnerability by sending a specially crafted commit to a Subversion server, or a remote attacker could entice a user to check out or update a repository from a malicious Subversion server, possibly resulting in the execution of arbitrary code with the privileges of the user running the server or client.
There is no known workaround at this time.
Solution
All Subversion users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-util/subversion-1.6.4'